Privacy Notice

This is the website of Galway Hospice Foundation (‘we’, ‘us, ‘our’). We take our responsibility to protect your data seriously.

This policy discloses our information gathering and dissemination practices relating to this website. In order to fully understand your rights, we encourage you to read this policy in full. We are not responsible for the content or privacy practices of other websites even if their link appears on our site. We reserve the right to modify this privacy policy at any time. Each time you use this website you shall be bound by the then current privacy policy and accordingly you should review the privacy policy each time you use this website.


This policy governs the online processing activities of this website. For offline processing of personal data, please request a copy of our Data Protection Policy from our Data Protection Officer (contact details below).


This website is not intended for use by children, and we do not knowingly collect data relating to children. If you are under 16, please ensure that you have a parent or guardian’s permission before providing us with any personal data. If you provide us with personal data we will assume that you are over 16 and that you understand the terms of this Privacy Notice, unless you inform us otherwise.


Who we are


Galway Hospice Foundation is the controller of the personal data it processes. We are registered in Ireland with company number 136155 and with the Charities Regulator RCN 20022150 and with Revenue under Charitable status number CHY8837.


DPO Contact Details


If you wish to exercise your data protection rights or have any questions about this policy or our practices relating to the website you can email our Data Protection Administrator at info@galwayhospice.ie


Data Protection


We will not collect any personal information about you on this website without your clear knowledge and permission. Any personal information which you volunteer to us will be treated strictly in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Acts 1988-2018. Where data is submitted it will be used for the stated purpose and any reasonably incidental purposes only.
We do not sell or distribute your personal information to third parties for purposes of allowing them to market products and services to you.
Communicating via the internet and sending information to you by other means necessarily involves your personal information passing through or being handled by third-parties.


ePrivacy Regulations S.I. 336/2011


Regulation 5 of the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (S.I. No. 336 of 2011) (‘the ePrivacy Regulations’) protects the confidentiality of electronic communications. The ePrivacy Regulations in Ireland transpose the European ePrivacy Directive 2002/58/EC, as amended by 2009/136/EC, into Irish law. As this is an EU directive, each Member State has its own legislation transposing it into its national laws. Regulation 5(3): A person shall not use an electronic communications network to store information, or to gain access to information already stored in the terminal equipment of a subscriber or user, unless:

(a) the subscriber or user has given his or her consent to that use, and
(b) the subscriber or user has been provided with clear and comprehensive information in accordance with the Data Protection Acts which:
(i) is both prominently displayed and easily accessible, and
(ii) includes, without limitation, the purposes of the processing of the information.


Regulation 5(4): For the purpose of paragraph (3), the methods of providing information and giving consent should be as user-friendly as possible. Where it is technically possible and effective, having regard to the relevant provisions of the Data Protection Acts, the user’s consent to the storing of information or to gaining access to information already stored may be given by the use of appropriate browser settings or other technological application by means of which the user can be considered to have given his or her consent.


Regulation 5(5): Paragraph (3) does not prevent any technical storage of, or access to, information for the sole purpose of carrying out the transmission of a communication over an electronic communications network or which is strictly necessary in order to provide an information society service explicitly requested by the subscriber or user.


The information we collect


• For general web-browsing certain statistical information is available to us via our internet service provider. This information may include the IP and logical address of the server you are using, the top-level domain name from which you access the internet (for example, i.e., .com, etc.), the type of browser you are using, the date and time you access our site and the internet address linking to our site. We may also use temporary “session” cookies which enable a visitor’s web browser to remember which pages on this website have already been visited.
• If you choose to donate money through our ‘Donate Now’ page, we will require your name, phone number, address, email and card details. If you choose to make an ‘In Memory’ donation you also have the option of providing the name of your loved one. If you wish for us to send a memory card we will require the name and address of the recipient.
• If you choose to donate money, we will require your name, phone number, address (if you wish to receive a receipt) and card details if applicable.
• When you make a donation to us you are given the option to sign up to receive information from us in the future, about our work, upcoming events or campaigns. We will not send this information to you unless you opt in to receive it. If you change your mind you can always opt out by using the unsubscribe on any correspondence (mail, phone, email).
• If you make a purchase through our online shop, we will require your name, billing address, delivery address and card details. Our online shop payments are processed through Stripe and we do not have access to your card details once the payment is processed.
• If you select to enter our weekly draw or car raffle you will be offered a number of payment options; standing order, PayPal, postal form, payroll deduction, gift voucher. To process your entry, we will require your name, address, billing details, voucher beneficiary name and address (in the case of gifts), email, phone number and payment details (payments are processed via Stripe or PayPal).
• You have an opportunity to send us information via this website, such as through the “Have Your Say” section or any other area where you may send e-mails, request brochures/proposals or provide feedback. You may also choose to provide us with personal data (e.g. name, e-mail, postal address or other contact details) in an e-mail message to the address listed on our site. Our feedback form collects your name, email, and message content. We use all of these details solely for the purpose for which you provided them.
• Our volunteer application form captures job application information including personal details, experience, education, employment history and references.
• For ease we make garda vetting forms available on our website for our prospective employees. The information captured in these forms is prescribed by An Garda Siochana and contains detailed personal information.
• Information contained within a job application (CV) where that is sent via email.
• Completing Transaction Forms – Memory Tree, Weekly Draw, Shop Order Form, Tree Lights and Event Sign Up Forms.


The purpose of collecting information


• Website functionality – we analyse website users’ pattern of use to help us to improve, administer and diagnose problems with our server and website.
• Complaint handling – we may use the data you provide to us via our feedback form or email address.
• To share your experience or feedback on the ‘Have your say’ section on our website.
• Processing your donation – if you kindly make a donation to us we will use the information you provide to process your payment and/or contacting you for the purposes of the governments Charitable Donation Scheme if you have donated over €250 in a tax year.
• To process your purchase from our online shop.
• To process your draw or raffle entry.
• Responding to your query – you may provide us with personal data through our feedback form or email address while seeking information about volunteering, fundraising or our services.
• Sending newsletters & keeping your informed of fundraising opportunities – we will only send information or fundraising updates to you if you have provided your consent to receive them.
• Job applications – from time to time jobs may be advertised on our website and potential candidates will submit their personal data (e.g. CV’s) via email for consideration.
• Volunteer applications –. Applicants also have the opportunity to register their interest via email in working as a Volunteer at the Galway Hospice Foundation.
• For Garda Vetting purposes.
• Entering competitions and raffles, for example a car raffle.


Legal basis for processing


We process the personal data we gather through our website under one of the following lawful bases:
1. Consent: We will only process your data for marketing purposes with your consent. For processing activities for which we rely on consent as a basis for processing, you have the right to withdraw that consent at any time.
2. Contract: We may process the data you provide while fulfilling our obligations under a contract e.g. during the provision of products or services to you or under an employment contract.
3. Statutory: Some processing activities are required by law e.g. Revenue reporting.
4. Legitimate interest: We will only process your data under this legal basis in such a way that you would expect us to based on our relationship with you, e.g. to monitor and improve our service. Where we rely on legitimate interest we carefully balance your rights and expectations to ensure the processing is fair.
For processing activities that are based on a statutory or contractual requirement, you may request your data not be processed for that purpose. However, this is not an absolute right and may be over-ridden by our statutory obligations. In other cases, requesting that data should not be processed for a particular purpose may prevent us from executing a contract or delivering a service to you.


Your rights


Under data protection law, data subjects have certain rights. Subject to certain restrictions, which are set out below, you can exercise these rights in relation to your personal data we process.
1. The right to be informed about the processing of your personal data
2. The right to access your personal data
3. The right to rectification of your personal data
4. The right to erasure of your personal data
5. The right to data portability
6. The right to object to processing of your personal data
7. The right to restrict processing of your personal data
8. Rights in relation to automated decision making, including profiling.
9. You have the right to complain to the Irish Data Protection Commission (www.dataprotection.ie) and to seek compensation through the courts
We reserve the right to request you to provide additional information in order to enable us to identify your personal data and/or to verify your identity.


Restriction of data subject rights in certain circumstances


Article 23 of the GDPR allows for data subject rights to be restricted in certain circumstances. In addition, the 2018 Act contains certain provisions dealing with the restriction of rights of data subjects, in particular Sections 59, 60 and 61, which give further effect to the provisions of Article 23. Further information can be found here.


Who we share your information with


We do not share your information with third parties other than those set out in this policy. We may share your information in the following circumstances:
• Service providers: We may need to share personal information with our service providers, such as where necessary to provide our services to you. If there has been a breach of our terms of use, we may also share personal information with our legal advisors. All of our service providers will be obliged to keep your personal information safe and secure. Our website service providers include: PayPal and Stripe (a third-party provider specialising in processing payments), online fundraising platform iDonate, our website hosting company (Proactive Design and Marketing, Printing services). The Donation Form (Tree of Light, Croagh Patrick Climb, Memorial Walk) paid through Stripe is transferred into Champ our CRM system which also generates an email.
• Business Transfer: Where some or all of our charity and/or its assets may potentially be or have been acquired, we may need to transfer your personal information to the new or prospective owners.
• Legal and safety: In certain instances, we may share information where we reasonably believe that it is necessary for legal reasons, to defend our legal rights, to enforce our terms of use or to protect our rights, property, users, customers or the safety of any person. For example, we may provide personal information where ordered by a court to do so.
• Revenue: where you fill out a CHY form to enable us to claim tax back.
• Other: We will not share your information with a third party other than a service provider where you have given your consent for us to do so.

Where we store personal information


We generally store personal information on servers located inside the European Economic Area. However, in certain cases it may be necessary for us to transfer certain information to servers located outside of the EU. It is important to be aware that the privacy protections in certain jurisdictions may not be equivalent to those in Europe but we will only transfer your information outside the EEA where permitted by law and ensuring that it is subject to appropriate protections.

Data Retention

Galway Hospice Foundation retains personal data for a range of periods as set out in our Data Retention Policy.


Security


We take our security responsibilities seriously, employing the most appropriate physical and technical measures. We review our security policy regularly.


Social Media Channels


Galway Hospice’s data processing via social media; Facebook, Instagram, YouTube, X, LinkedIn do not operate under the company’s privacy notice. Galway Hospice strongly encourages people to read thoroughly the privacy notice of these third-party websites.


Social Media Use


Direct links to our social media pages are available on our website. Every social media platform has a different policy regarding how it handles your personal information when you browse its websites. For instance, if you choose to view one of the videos on YouTube, you will be prompted to accept YouTube cookies. Similarly, if you look at our activity on X, you will be asked to accept X cookies; the same applies for our presence on Instagram.


Please carefully read their privacy policies before using them if you have concerns or questions about how they utilize your personal information. Galway Hospice Foundation’s usage of social media does not in any way suggest that it approves of X YouTube, Instagram, or their privacy practices


The ideas and views expressed by Galway Hospice Foundation on social media, are for information purposes only. Nothing we say on social media should be interpreted as a legal or official notice from us. We reserve the right not to personally respond to every message or comment posted on social media.


Governing Law and Jurisdiction


This legal policy and all issues regarding this website are governed exclusively by Irish law and are subject to the exclusive jurisdiction of the Irish courts.


General


Delay or failure on our part in enforcing any of our rights shall not constitute a waiver by us of our rights and remedies. If any part of this Privacy Policy is held to be invalid or unenforceable, the validity or enforceability of the remainder will not be affected.


Contacting us


If you wish to exercise your data protection rights or have any questions about this policy or our practices relating to the website you can email our Data Protection Officer at galwaydpo@ambitcompliance.ie

Changes to this policy

We may revise this policy on occasion. This privacy policy was last updated June 2021.

*Revised March 2024.